<?php

class Post {
  //db module stuff
  private $conn;
  private $table = 'users';

  //post properties
  public $id;
  public $rol;
  public $name;
  public $password;
  public $softDelete;
  public $createdAt;
  public $identify;
  public $hash;

  //constructor with db connection
  public function __construct($db) {
    $this->conn = $db;
  }

  //create user
  public function create() {
    $query = '';
    //create query
    $query .= 'INSERT INTO ';
    $query .= "{$this->table} ";
    $query .= 'SET ';
    $query .= 'rol = :rol, ';
    $query .= 'name = :name, ';
    $query .= 'password = :password ';
    //prepare statement
    $stmt = $this->conn->prepare($query);
    //clean data
    $this->rol = htmlspecialchars(strip_tags($this->rol));
    $this->name = htmlspecialchars(strip_tags($this->name));
    $this->password = htmlspecialchars(strip_tags($this->password));

    $security_database_password = password_hash($this->password, PASSWORD_DEFAULT);

    //binding of parameters
    $stmt->bindParam(':rol', $this->rol);
    $stmt->bindParam(':name', $this->name);
    $stmt->bindParam(':password', $security_database_password);
    //execute the query
    if ($stmt->execute()) {
      return true;
    }

    //print error if something goes wrong
    printf("Error %s. \n", $stmt->error);
    return false;
  }

  //read users
  public function read() {
    $query =  '';
    //create query
    $query .= 'SELECT ';
    $query .= 'id, ';
    $query .= 'rol, ';
    $query .= 'name, ';
    $query .= 'password, ';
    $query .= 'softDelete, ';
    $query .= 'createdAt ';
    $query .= "FROM {$this->table} ";
    $query .= 'ORDER BY ';
    $query .= 'createdAt DESC';

    //prepare statement
    $stmt = $this->conn->prepare($query);
    //execute query
    $stmt->execute();

    return $stmt;
  }

  //read single user
  public function read_single() {
    $query =  '';
    //create query
    $query .= 'SELECT ';
    $query .= 'id, ';
    $query .= 'rol, ';
    $query .= 'name, ';
    $query .= 'password, ';
    $query .= 'softDelete, ';
    $query .= 'createdAt ';
    $query .= "FROM {$this->table} ";
    $query .= 'WHERE id = ? ';

    //prepare statement
    $stmt = $this->conn->prepare($query);
    //binding param
    $stmt->bindParam(1, $this->id);
    //execute query
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $this->id = $row['id'];
    $this->rol = $row['rol'];
    $this->name = $row['name'];
    $this->password = $row['password'];
    $this->softDelete = $row['softDelete'];
    $this->createdAt = $row['createdAt'];

    return $stmt;
  }

  //update users
  public function update() {
    $query = '';
    //update query
    $query .= 'UPDATE ';
    $query .= "{$this->table} ";
    $query .= 'SET ';
    $query .= 'rol = :rol, ';
    $query .= 'name = :name ';
    $query .= 'WHERE id = :id ';
    //prepare statement
    $stmt = $this->conn->prepare($query);
    //clean data
    $this->rol = htmlspecialchars(strip_tags($this->rol));
    $this->name = htmlspecialchars(strip_tags($this->name));
    $this->id = htmlspecialchars(strip_tags($this->id));
    //binding of parameters
    $stmt->bindParam(':id', $this->id);
    $stmt->bindParam(':rol', $this->rol);
    $stmt->bindParam(':name', $this->name);
    //execute the query
    if ($stmt->execute()) {
      return true;
    }

    //print error if something goes wrong
    printf("Error %s. \n", $stmt->error);
    return false;
  }

  //update password user
  public function update_password() {
    $query = '';
    //update query
    $query .= 'UPDATE ';
    $query .= "{$this->table} ";
    $query .= 'SET ';
    $query .= 'password = :password ';
    $query .= 'WHERE id = :id ';
    //prepare statement
    $stmt = $this->conn->prepare($query);
    //clean data
    $this->password = htmlspecialchars(strip_tags($this->password));
    $this->id = htmlspecialchars(strip_tags($this->id));
    //binding of parameters
    $stmt->bindParam(':password', $this->password);
    $stmt->bindParam(':id', $this->id);
    //execute the query
    if ($stmt->execute()) {
      return true;
    }

    //print error if something goes wrong
    printf("Error %s. \n", $stmt->error);
    return false;
  }

  //soft delete user
  public function soft_delete() {
    $query = '';
    //soft delete query
    $query .= 'UPDATE ';
    $query .= "{$this->table} ";
    $query .= 'SET ';
    $query .= 'softDelete = :softDelete ';
    $query .= 'WHERE id = :id ';
    //prepare statement
    $stmt = $this->conn->prepare($query);
    //clean data
    $this->id = htmlspecialchars(strip_tags($this->id));
    $this->softDelete = htmlspecialchars(strip_tags($this->softDelete));
    //binding of parameters
    $stmt->bindParam(':id', $this->id);
    $stmt->bindParam(':softDelete', $this->softDelete);
    //execute the query
    if ($stmt->execute()) {
      return true;
    }

    //print error if something goes wrong
    printf("Error %s. \n", $stmt->error);
    return false;
  }

  //user identification
  public function identify() {
    $query =  '';
    //create query
    $query .= 'SELECT ';
    $query .= 'name, ';
    $query .= 'password, ';
    $query .= 'softDelete ';
    $query .= "FROM {$this->table} ";
    $query .= 'WHERE name = ? ';

    //prepare statement
    $stmt = $this->conn->prepare($query);
    //binding param
    $stmt->bindParam(1, $this->identify);
    //execute query
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row['softDelete']) {
      return false;
    }

    if (password_verify($this->hash, $row['password'])) {
      return true;
    }

    return false;
  }

}

?>